The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 13 October 2004. 
2a)\3 This action is FINAL. 2b)^ This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-15 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) S Claim(s) 1-15 is/are rejected. 
7) □ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) S The drawing(s) filed on 09 November 1999 is/are: a)IEI accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)n None of: 

1. Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

DETAILED ACTION 

1. This action is responding to application papers filed 10/13/2004. 

2. Claims 1 - 15 are pending. Claims 1, 8 have been amended. Independent claims 
are 1, 8. 

Claim Rejection - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 - 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jain et al. (US Patent No. 6,311,218) in view of Goldman (US Patent No. 5,684,951) 
and further in view of Wesinger et al. (US Patent No. 6,052,788). 

Regarding Claim 1, Jain discloses (Currently Amended) a computer-readable medium 
having computer-executable instructions for operating a policy agent of a network for 
performing steps comprising: 

a) detecting a network connection from a client computer on the network; (see 
Jain col. 4, lines 54-57: detect a network port connection) 

b) composing a challenge for authenticating a user of the client computer 
associated with said network connection, the challenge being encrypted with a 
private key of the policy agent; (see Jain col. 2, lines 44-47: challenge-response 
authentication mechanism utilized) 

c) transmitting the challenge to the client computer; (see Jain col. 2, lines 44-47: 
challenge presented to user) 

d) receiving a response from the client computer; (see Jain col. 2, lines 44-47: 
response received) 

e) decrypting the response using a public key of the user to obtain a first message 
digest value; (see Jain col. 6, lines 13-15: decrypt the response with public 
key) 

g) Jain discloses a policy agent for network security. Jain does not disclose 
generation of a message digest (hash) from challenge and input data. 
However, Goldman discloses calculating a second message digest value based 
on the challenge and input (network) data; (see Goldman col. 9, lines 38-41: 
message digest (hash) generated with challenge and secret data) 

h) Jain does not disclose the comparison of a first and second message digest 
values to determine a match. However, Goldman discloses comparing the first 
and second message digest values to determine whether a match is found; (see 
Goldman Figure 9; col. 10, lines 51-56: comparison to determine a match 
result) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize message digest generation and 
comparisons within an authentication system as taught by Goldman. One of 
ordinary skill in the art would be motivated to employ Goldman in order to 
strengthen security for network communications systems, (see Goldman col. 1, 
lines 60-66: "... a user validation system that offers entry security even if a user 
password or identification number is compromised ... safe guards against 
unauthorized entry, but also effectively records and flags unauthorized entries to 
authorized users") 

f) Jain does not disclose processing of network data through network connection. 
However, Wesinger discloses receiving network data through the network 
connection with the client computer; (see Wesinger col. 4, lines 1-5; col. 10, 
lines 58-66: out of band authentication, data filtering utilizing 
encryption/decryption) 

i) Jain does not disclose filtering (encryption/decryption) of network data to 
determine a match. However, Wesinger discloses if a match is found, then 
forwarding the network data to their specified recipient, else not forwarding the 
network data to their specified recipient, (see Wesinger col. 4, lines 1-5; col. 10, 
lines 58-66: out-of-band authentication and network data packet filtering 
encryption/decryption mechanism utilized) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize an out-of-band authentication and 
data filtering mechanism as taught by Wesinger. One of ordinary skill in the art 
would be motivated to employ Wesinger in order to strengthen security for 
communications in network environments, (see Wesinger col. 3, lines 55-57: 
"... provides a firewall that achieves maximum network security and maximum 
user convenience ...") 

Regarding Claim 2 (Original), Wesinger discloses a computer-readable medium as in 
claim 1, wherein the policy agent is a firewall, (see Wesinger col. 3, lines 55-57: policy 
agent, a firewall) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize out-of-band authentication and data 
filtering with a firewall mechanism as taught by Wesinger. One of ordinary skill in the art 
would be motivated to employ Wesinger in order to strengthen security for 
communications in network environments, (see Wesinger col. 3, lines 55-57) 

Regarding Claims 3, 10 (Previously Presented), Jain discloses a computer-readable 
medium as in claims 1, 8, wherein the step of composing includes encrypting the 
challenge with a public key of the user, (see Jain col. 6, lines 2-9: encrypt challenge with 
public key) 

Regarding Claims 4, 11 (Original), Jain discloses a computer-readable medium as in 
claims 3, 8, wherein the step of decrypting includes decrypting the response with a 
private key of the policy agent, (see Jain col. 6, line 2-9: decrypt response with private 
key) 



Regarding Claims 5, 12 (Original), Jain does not disclose generating a message digest 
with the inclusion of a time stamp. However, Goldman discloses a computer-readable 
medium as in claims 1, 8, wherein the step of composing includes generating a 
message digest with the inclusion of a time stamp, (see Goldman col. 9, lines 34-41: 
generate message digest with timestamp value) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize message digest generation and 
comparisons within an authentication system as taught by Goldman. One of ordinary 
skill in the art would be motivated to employ Goldman in order to strengthen security for 
network communications systems, (see Goldman col. 1, lines 60-66) 



Regarding Claims 6, 13 (Original), Jain-Goldman discloses an authentication 
mechanism utilizing cryptography, message digest generation and comparison. Jain- 
Goldman does not disclose an out-of-band authentication mechanism utilizing network 
data packet filtering. However, Wesinger discloses a computer-readable medium as in 
claims 1, 8, wherein the received network data are in a form of packets, and the step of 
calculating calculates the second message digest value based on a pre-selected 
number of packets of the received network data, (see Wesinger col. 4, lines 1-5; col. 10, 
lines 58-66: out-of-band authentication and network data packet filtering 
encryption/decryption mechanism utilized) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize a firewall with an out-of-band authentication 
and data filtering mechanism as taught by Wesinger. One of ordinary skill in the art 
would be motivated to employ Wesinger in order to strengthen security for 
communications in network environments, (see Wesinger col. 3, lines 55-57) 

Regarding Claims 7, 9 (Original), Jain-Goldman discloses an authentication 
mechanism utilizing cryptography, message digest generation and comparison. Jain- 
Goldman does not disclose an out-of-band authentication mechanism utilizing network 
data packet filtering. However, Wesinger discloses a computer-readable medium as in 
claims 1, 8, having further computer-executable instructions for performing network 
access policies on the received network data according to the identity of the user after a 
match between the first and second message digest values is found, (see Wesinger col. 
4, lines 1-5; col. 10, lines 58-66: out-of-band authentication and network data packet 
filtering encryption/decryption mechanism utilized) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize an out-of-band authentication and data 
filtering mechanism as taught by Wesinger. One of ordinary skill in the art would be 
motivated to employ Wesinger in order to strengthen security for communications in 
network environments, (see Wesinger col. 3, lines 55-57) 

Regarding Claim 8 (Currently Amended), Jain discloses a method of authenticating a 
user using a client computer on a network to transmit network data through a policy 
agent of the network, comprising the steps of: 

a) detecting by the policy agent a network connection from the client computer for 
transmitting network data of the user; (see Jain col. 4, lines 54-57: detect 
network port connection) 

b) receiving by the policy agent network data transmitted through the network 
connection from the client computer; (see Jain col. 2, lines 55-58: receive data 
over network connection) 

c) obtaining, by the policy agent, an identity of the user and a public key of the user; 
(see col. 4, lines 27-36: obtain user identity) 

d) composing, by the policy agent, a challenge encrypted with a private key of the 
policy agent; (see Jain col. 2, lines 44-47: challenge-response authentication 
mechanism utilized) 

e) sending the challenge to the client computer; (see Jain col. 2, lines 44-47) 

f) decrypting, by the client computer, the challenge; (see Jain col. 6, lines 13-15) 

h) encrypting, by the client computer, the first message digest value with a private 
key of the user to create a response; (see Jain col. 5, line 66 - col. 6, line 2) 

i) sending the response to the policy agent; (see Jain col. 6, lines 2-9) 

j) decrypting, by the policy agent, the response to obtain the first message digest 
value; (see Jain col. 6, lines 13-15) 

k) Jain discloses a policy agent for network security. Jain does not disclose 
generation of a message digest (hash) from input data. However, Goldman 
discloses calculating a second message digest value based on the challenge 
and the network data received through the network connection from the client 
computer; (see Goldman col. 9, lines 14-15) 

l) Jain does not disclose the comparison of a first and second message digest 
values to determine a match. However, Goldman discloses comparing the first 
and second message digest values to determine whether there is a match 
therebetween, (see Goldman col. 10, lines 52-53) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize message digest generation and 
comparison within an authentication mechanism as taught by Goldman. One of 
ordinary skill in the art would be motivated to employ Goldman in order to 
strengthen security for network communications systems, (see Goldman col. 1, 
lines 60-66) 

g) Jain-Goldman discloses a challenge authentication mechanism. Jain-Goldman 
does not disclose an out-of-band authentication and network packet filtering 
system. However, Wesinger discloses generating, by the client computer, a first 
message digest value based on the network data of the user; (see Wesinger 
col. 4, lines 1-5; col. 10, line 58-66: ) 

m) Jain-Goldman discloses a challenge authentication mechanism. Jain-Goldman 
does not disclose an out-of-band authentication and network packet filtering 
system. However, Wesinger discloses if a match is found, then forwarding, by 
the policy agent, the network data to their specified recipient, else not 
forwarding the network data to their specified recipient, (see Wesinger col. 4, 
lines 1-5; col. 10, line 58-66: out-of-band authentication, data filtering utilizing 
encryption/decryption) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize a firewall with an out-of-band 
authentication and data filtering mechanism as taught by Wesinger. One of 
ordinary skill in the art would be motivated to employ Wesinger in order to 
strengthen security for communications in network environments, (see 
Wesinger col. 3, lines 55-57) 

Regarding Claim 14 (Original), Jain discloses encryption/decryption techniques for an 
authentication challenge. Jain does not disclose the generation of a message digest 
utilizing random numbers and a challenge. However, Goldman discloses a method as 
in claim 8, wherein the step of generating by the client computer generates the first 
message digest value based on a random number, data decrypted from the challenge, 
and data of the pre-selected packets of the received network data, (see Goldman col. 9, 
lines 38-41: message digest generated utilizing random patterns, challenge (secret) and 
data) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize message digest generation and comparison 
within an authentication mechanism as taught by Goldman. One of ordinary skill in the 
art would be motivated to employ Goldman in order to strengthen security for network 
communications systems, (see Goldman col. 1, lines 60-66) 

Regarding Claim 15 (Original), Jain discloses a security server acting as a policy 
agent. Jain does not disclose a firewall. However, Wesinger discloses a method as in 
claim 8, wherein the policy agent is a firewall of the network, (see Wesinger col. 3, lines 
55-57: policy agent, a firewall) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify Jain to utilize an out-of-band authentication and data 
filtering mechanism as taught by Wesinger. One of ordinary skill in the art would be 
motivated to employ Wesinger in order to strengthen security for communications in 
network environments, (see Wesinger col. 3, lines 55-57) 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kyung H Shin whose telephone number is (571) 272-3920. 
The examiner can normally be reached on 9 am - 7 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A Wiley can be reached on (571) 272-3923. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Kyung H Shin 
Patent Examiner 
Art Unit 2143 



KHS 

Jan. 7, 2005 